Regulatory compliance and certifications

Board Cloud has been built from the ground up in accordance with industry best practices and current regulatory requirements.

As part of the Company’s commitment to maintaining a world-class security service, Board validates the effectiveness of its cloud security controls by auditing its environment using internationally recognized auditing standards. Board has achieved the following certifications:

ISO/IEC 27001:2022

Board maintains an ISO/IEC 27001:2022 certification for Board Cloud to demonstrate its compliance with the requirements defined in the ISO/IEC 27001:2022 Information Security Management standard. Board’s ISO/IEC 27001:2022 certificate is available for customer and prospective review here. The scope of certification is the “design and development of Board platform for Business Intelligence, Performance Management, and Analytics and its own installation, maintenance, and supporting through cloud SaaS service (Software as a Service)”.

SOC 1 Type II

The SOC 1 (Service Organization Controls) report aligns with auditing standards SSAE 18 and ISAE 3402.

It offers guidance for auditors evaluating a service organization's internal controls relevant to customer financial reporting. The SOC 1 Type II report specifically assesses the design and effectiveness of IT controls on Board Cloud in achieving control objectives over a specified period. This audit is performed annually by an independent third-party auditor, and the report is available on request.

SOC 2 Type II

SOC 2 Type II reports assess controls at a service organization that are unrelated to financial reporting. The focus is on standards important to the security, availability, or processing integrity of the service organization’s system, as well as the confidentiality and privacy. It covers one or more trust principles from the Trust Services Principles and Criteria (TSP) maintained by the AICPA. The report provides detailed descriptions of the tests conducted by the auditor and the results. Board Cloud’s SOC 2 Type II report specifically focuses on security and availability controls and is available upon request.

SOC 3

The SOC 3 report is a public report, and it is a short version of the SOC 2 Type II attestation report. It provides users and interested parties with information about the controls at the service organization related to security, availability, processing integrity, confidentiality, or privacy. The Board Cloud’s SOC 3 report is created by the third-party company that performs the SOC 2 audit and can be downloaded from the following URL: Board International Security & Compliance.

Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and promoting best practices to ensure a secure cloud computing environment.  As a CSA member, Board International has completed the Cloud Security Alliance (CSA) STAR Level 1: STAR Registry Listing for Board Cloud | CSA.